Oracle Oracle Certifications 1Z0-997-20 Questions & Answers

• Question 151:

  You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.

  However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service Unavailable error. You need to check the backend latency and backend responses when this error started last night.

  What should you do to get this data? (Choose the best answer.)

  A. Check with the application owner and search the log file for the container to get the metrics from the log file.

  B. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.

  C. Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.

  D. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

  Correct Answer: D

  Explanation: https://medium.com/oracledevs/using-oci-monitoring-healthchecks-to- schedule-execution-of-serverless-functions-on-oracle-cloud-ef233f887a5

• Question 152:

  You have 10 Oracle Linux Compute instances within the ociarchpro compartment running in Oracle Cloud Infrastructure (OCI). The instances are placed in a private subnet inside a Virtual Cloud Network (VCN). You plan to leverage the Oracle Vulnerability Scanning service to gain visibility into potential vulnerabilities. Your goal is to improve the overall security posture. You create a Scan recipe with the following settings: Type: Compute Name: ociproscanrecipe CIS benchmark scanning: Enabled CIS benchmark profile: Medium (More than 40% of the benchmarks failing is a high risk) Schedule: Daily You create a target with the following settings: Type: Compute Compartment: ociarchpro Scan recipe: ociproscanrecipe Targets: All compute instances in the selected target compartment and its sub- compartments However, you are not able to see the result of host scans for the compute target. For the given scenario, which is NOT a valid troubleshooting task?

  A. Check whether the target was created less than 24 hours ago.

  B. Enable the scanning plugin on the Oracle Cloud Agent if you manually disabled it on the target compute instances.

  C. Create a service gateway for the Virtual Cloud Network (VCN) and configure a route rule.

  D. Disable agent-based scanning in the recipe.

  Correct Answer: C

• Question 153:

  A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end Connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OC1) region

  *

  Highly available connection with service level redundancy

  *

  Dedicated network bandwidth with low latency

  Which connectivity setup is the most cost effective solution for this scenario?

  A. Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data canter for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit.

  B. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device in your on premises data center for each connection From yc device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through t backup FastConnect circuit.

  C. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.

  D. Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.

  Correct Answer: D

  Explanation: there are two main requirements for this Customer First Highly available connection with service level redundancy and that can achieve by

  

  3- Redundant FastConnect

  

• Question 154:

  You are building a demo for a customer that showcases Oracle Cloud Infrastructure (OCI) Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition.

  Choose the two actions from below that are NOT required to run the demo successfully.

  A. You must specify an action type while creating an Event service and specify the function you want to trigger.

  B. Creating an event rule is not permitted for OCI Object storage.

  C. The function must be deployed only to Oracle Kubernetes Engine (OKE).

  D. You have to enable Object Storage buckets to emit events for state changes.

  E. You must deploy the function that does facial recognition for the demo to work.

  Correct Answer: BC

• Question 155:

  You are designing the network infrastructure for two application servers: appserver-1 and appserver-2 running in two different subnets inside the same Virtual Cloud Network (VCN) Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

  How should you design your routing configuration to meet these requirements?

  A. Configure a single routing table (Route Table-1) that has two set of rules. One that has route to internet via the internet Gateway and another that propagate specific routes for the on-premise network via the Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.

  B. Configure a single routing table (Routing Table-1) that has two set of rules: one that has route to internet via the Internet Gateway and another that propagates specific routes for the on-premises network via Dynamic Routing Gateway (DRG). Associate the routing table with the VCN.

  C. Configure two routing tables: Route Table-1 that has a route to internet via the Internet gateway. Associate this route table to the subnet containing appserver-1. Route Table-2 that propagate specific routes for the on-premises network via the Dynamic Routing Gateway (DRG) Associate this route table to subnet containing appserver-2.

  D. Configure two routing table (Route table-1 Route Table-2) that have rule to route all traffic via the Dynamic Routing Gateway (DRG) Associate the two routing tables with all the VCN subnets.

  Correct Answer: C

  An internet gateway is an optional virtual router you can add to your VCN to enable direct connectivity to the internet. Resources that need to use the gateway for internet access must be in a public subnet and have public IP addresses. Each public subnet that needs to use the internet gateway must have a route table rule that specifies the gateway as the target. For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway). Dynamic Routing Gateway (DRG) is A virtual edge router attached to your VCN. Necessary for private peering. The DRG is a single point of entry for private traffic coming in to your VCN,After creating the DRG, you must attach it to your VCN and add a route for the DRG in the VCN's route table to enable traffic flow.

• Question 156:

  A telecom company has an application running in Oracle Cloud Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region. Which is the most cost effective option to help set up application and persistence layers in the DR site?

  A. Application layer: configure events service rule in eu-frankfurt-1 region to filter Health Checks event failure and route traffic to uk-london-1 region in the event of a disaster. Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.

  B. Application layer: configure Traffic Management steering policy with Load Balancing policy between servers in eu-frankfurt-1 and uk-london-1 regions. Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.

  C. Application layer: Set us a public laod balancerin the eu-frankfurt-1 region. Create a backend set with instances running in bothuk-frankfurt-1 and uk-london-1 regions. Persistence layer: Set up OCI Object Storage replication from eu-frankfurt-1 region to uk- london-1 region.

  D. Application layer: configure Traffic Management steering policy with Failover policy between servers in eu-frankfurt-1 and uk-london-1 regions. Persistence layer: set up policy to schedule cross-region automated backups of file systems in File Storage service between eu-frankfurt-1 and uk-london-1 regions.

  Correct Answer: B

• Question 157:

  You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric Information of the pet every second and then sends it to Oracle Cloud Infrastructure (OCI) Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable with an additional feature for showing real time biometric data analytics.

  Which architecture will help you meet this requirement?

  A. Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results lo OCI Object Storage Store the data In OCI Autonomous Data warehouse (ADW) to handle analytics.

  B. Launch an open source Hadoop cluster to collect the Incoming biometrics data Use an Open source Fluentd cluster to analyze the- data me results to OCI Autonomous Transaction Processing (ADW)to handle complex analytics

  C. Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar Fetch the data horn OC\ Object storage to OCI Autonomous Data Warehouse (ADW) every day and run analytics Jobs with it

  D. Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data horn streaming service. Store the results to OCI Autonomous Data warehouse (ADW) to handle complex analytics.

  Correct Answer: A

• Question 158:

  A large London based eCommerce company is running Oracle DB System Virtual RAC database on Oracle Cloud Infrastructure (OCI) for their eCommerce application activity. They are launching a new product soon, which is expected to sell in large quantities all over the world.

  The application architecture should have minimal cost, no data loss, no performance impacts during the database backup windows and should have minimal downtime.

  A. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replicate the data from the eCommerce Database over to the new RAC database using GoldenGate. Take backups from the new VM RAC database.

  B. Turn off automated backups from the eCommerce database, implement Oracle Data Guard with the Standby database deployed on another availability domain, take backups from the standby database.

  C. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the eCommerce Database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.

  D. Turn off automatic backups from the eCommerce database, implement Oracle Active Data Guard with the standby database deployed on another availability domain, and take backups from the standby database.

  Correct Answer: C

  Active Data Guard or GoldenGate are used for disaster recovery when fast recovery times or additional levels of data protection are required. And offload queries and backup to standby system.

  Oracle GoldenGate to support a disaster recovery site is to have a working bi-directional data flow, from the primary system to the live-standby system and vice versa.

  DataGuard and Automatic Backup

  You can enable the Automatic Backup feature on a database with the standby role in a Data Guard association. However, automatic backups for that database will not be created until it assumes the primary role.

• Question 159:

  Given this compartment structure:

  

  You are managing a compute instance that currently resides in the Compute compartment. The Virtual Cloud Network (VCN) into which the compute instance was originally deployed, also resides in this compartment. To support a project-related task, you need to move just the compute instance to the SysTest-Team compartment. You log into your Oracle Cloud Infrastructure (OCI) account and use the Move Resource option to place the compute instance in the new compartment.

  What will be the result of your attempt to move the compute instance to the new compartment? (Choose the best answer.)

  A. The move will be successful. The compute instance's public and private IP addresses will stay the same. The compute instance will remain associated with the VCN from the source compartment.

  B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the compute instance can be moved.

  C. After moving the compute instance, you must move the compute instance VNIC as a separate action. The public and private IP addresses of the instance will remain unchanged and it will still be associated with the VCN from the source compartment.

  D. The move will be successful. However, the compute instance's public and private IP addresses will change, and it will be associated to the first VCN that was created in the new, target compartment.

  Correct Answer: C

• Question 160:

  You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for

  Kubernetes (OKE). It has multiple endpoints that needs to be exposed to the public internet.

  What Is the most cost-effective way to expose multiple application endpoints without adding complexity to the application?

  A. Use clusterlP service type in Kubernetesfor each of yourservice endpointand use a load balancerto expose the endpoints.

  B. Use separate load balancerinstancefor each service but use the 100 Mbps loadbalanceroption.

  C. Deploy an Ingress controllerand use it to expose each endpointwith its own routing endpoint.

  D. Use NodePort service type in Kubernetesfor each of yourservice endpointand use node's public IP address to acccess the applications.

  Correct Answer: C